Desperate to fund its massive military and nuclear weapons programmes, the bankrupt North Korean government is attempting bank heists around the world by draining ATMs and initiating fraudulent money transfers, US and UN investigators say.
North Korea’s cyber thefts are overseen by the nation’s intelligence agency and reap billions of dollars that help to keep afloat a regime severely handicapped by crippling UN sanctions, US officials say.
The electronic rip-off scheme has been going on since at least February and represents a resurgence of operations after an apparent lull in bank robberies by North Korea last year, the Federal Bureau of Investigation, Department of Homeland Security, US Treasury Department and US Cyber Command said yesterday in a joint statement.
UN investigators say the complexity of the state-sponsored con-game perpetrated across dozens of countries shows North Korea’s cyber capabilities have become dangerously sophisticated.
Kim’s crackerjack hacking crew
A North Korean hacking team that the US government has named BeagleBoyz, and that specialises in robbing banks through remote internet access, is believed to be behind the digital scams.
The group has targeted financial institutions in India, Brazil, Indonesia, Spain, Turkey and several countries throughout Southeast Asia and Africa since 2015, the agencies said.
BeagleBoyz is part of a broader umbrella of North Korean hacking activity known as Hidden Cobra, the alert said, and it overlaps with another entity known as Lazarus, which industry and government analysts say was responsible for the 2018 campaign against Cosmos Bank.
During the Cosmos Bank sting, the Marxist bandits made off with more than $13m by penetrating three layers of defence and then coordinating simultaneous withdrawals from 14,000 ATMs across 28 countries, according to UN officials.
Lazarus has been accused of stealing hundreds of millions of dollars in other operations and was also blamed for one of the world’s most devastating cyberattacks—the WannaCry virus—that hit hospitals, businesses and a host of other private sector and government entities in 2017.
The agencies linked the BeagleBoyz group to the theft of $81m from the Bank of Bangladesh in 2016, part of an attempted $1bn heist disrupted by the Federal Reserve Bank of New York.
Spear phishing raids that reel in the booty
Pyongyang-based hackers’ strategies include spear phishing attacks.
Spear phishing is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.
While phishing tactics may rely on shotgun methods that deliver mass emails to random individuals, spear phishing focuses on specific targets and involves prior research.
Other targets of the Communist techies include retail payment infrastructures and interbank payment processors, the agencies said.
Smiling crooks and tearful victims
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” Bryan Ware, assistant director for cybersecurity at the Department of Homeland Security, said in a statement.
Pyongyang’s cyber-enabled bank-robbing campaigns have proven as debilitating to the victims as they have been lucrative for the perpetrators, the agencies said.
ATM and retail point of sale services for an unidentified bank in Africa were down for two months in 2018 after an attempted theft.
A bank in Chile was hit with a type of file-destroying malware that crashed thousands of computers and distracted from efforts by the hackers to send fraudulent financial transaction statements via the bank’s compromised SWIFT terminal, which is used by banks to securely send and receive money with one another.
North Korean officials have always denied that the country’s agents have hacked financial institutions.